From 205c2b9a112841c4f092e63e97f024933762ffed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Sun, 1 Dec 2024 15:59:42 +0000
Subject: [PATCH] add ad blocking dns server
---
 nixos/boxes/bolty/adblocking.nix | 18 ++++++++++++++++++
 nixos/boxes/bolty/default.nix | 3 ++-
 nixos/boxes/bolty/nas.nix | 30 ------------------------------
 nixos/boxes/bolty/networking.nix | 2 +-
 4 files changed, 21 insertions(+), 32 deletions(-)
 create mode 100644 nixos/boxes/bolty/adblocking.nix
diff --git a/nixos/boxes/bolty/adblocking.nix b/nixos/boxes/bolty/adblocking.nix
new file mode 100644
index 00000000..c7268dbd
--- /dev/null
+++ b/nixos/boxes/bolty/adblocking.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ pkgs,
+ inputs,
+ system,
+ ...
+}: {
+ services.resolved = {
+ # Disable local DNS stub listener on 127.0.0.53
+ extraConfig = ''
+ DNSStubListener=no
+ '';
+ };
+ services.technitium-dns-server = {
+ enable = true;
+ openFirewall = true;
+ };
+}
diff --git a/nixos/boxes/bolty/default.nix b/nixos/boxes/bolty/default.nix
index 460c10be..cc589494 100644
--- a/nixos/boxes/bolty/default.nix
+++ b/nixos/boxes/bolty/default.nix
@@ -6,6 +6,7 @@
 imports = [
 ../cli.nix
 ../send-logs.nix
+ ./adblocking.nix
 ./bolty-boot.nix
 ./grafana.nix
 ./home-assistant.nix
@@ -18,9 +19,9 @@
 ./print-server.nix
 ./real-hardware.nix
 ./restic-server.nix
+ ./syncthing.nix
 ./tailscale-cert.nix
 ./virtualisation.nix
- ./syncthing.nix
 ../../git
 ../../helix
 ../../mercurial
diff --git a/nixos/boxes/bolty/nas.nix b/nixos/boxes/bolty/nas.nix
index dd39f9d4..4533dc02 100644
--- a/nixos/boxes/bolty/nas.nix
+++ b/nixos/boxes/bolty/nas.nix
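Review bot: `openFirewall = true` in adblocking.nix opens every port the module lists, on all interfaces, and in the nixpkgs module the default `firewallTCPPorts` covers the Technitium web console ports as well as 53 (worth confirming against the nixpkgs revision pinned here). The console's credentials and the resolver's recursion ACLs live in Technitium's own state rather than in this repo, so nothing in the commit shows they were hardened before the ports were opened. I would narrow the exposure to DNS only with `firewallTCPPorts = [53];` next to `openFirewall`, and reach the console over localhost or an admin-only interface. A resolver that answers recursive queries from any source can also be abused for reflection if this box is ever reachable from outside the LAN, so recursion should be limited to the local ranges. The `config`, `pkgs`, `inputs` and `system` arguments are unused in this file and could be dropped.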
@@ -15,36 +15,6 @@
 enable = true;
 allowPing = true;
 };
- services.samba = {
- enable = true;
- nsswins = true;
- securityType = "user";
- extraConfig = ''
- workgroup = WORKGROUP
- server string = smbnix
- netbios name = smbnix
- security = user
- #use sendfile = yes
- #max protocol = smb2
- # note: localhost is the ipv6 localhost ::1
- hosts allow = 10.0.0. 100. 127.0.0.1 localhost
- hosts deny = 0.0.0.0/0
- guest account = sambaguest
- map to guest = bad user
- '';
- shares = {
- videos = {
- path = "/data/shares/videos";
- browseable = "yes";
- "read only" = "no";
- "guest ok" = "yes";
- "create mask" = "0644";
- "directory mask" = "0755";
- "force user" = "sambaguest";
- };
- };
- openFirewall = true;
- };
 networking.firewall.allowedTCPPorts = [2049];
 services.nfs.server = {
 enable = true;
diff --git a/nixos/boxes/bolty/networking.nix b/nixos/boxes/bolty/networking.nix
index 2c2fdff8..548b3f07 100644
--- a/nixos/boxes/bolty/networking.nix
+++ b/nixos/boxes/bolty/networking.nix
@@ -19,7 +19,7 @@
 address = ["10.0.0.8/24"];
 gateway = ["10.0.0.1"];
 DHCP = "no";
- dns = ["100.100.100.100" "9.9.9.9"];
+ dns = ["10.0.0.8"];
 };
 networks."eth" = {
 name = "enp4s0";
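Review bot: In networking.nix the host's only resolver becomes `10.0.0.8`, its own address, so name resolution on this box now depends entirely on the Technitium service being up; as far as I know systemd-resolved uses its fallback servers only when no DNS server is configured, not when the configured one is unreachable. That matters for recovery, since a failed or misconfigured DNS service can block fetching what a rebuild needs, and dropping `100.100.100.100` probably stops tailnet names resolving unless a forwarder for them is set inside Technitium. Where Technitium forwards to, and whether that hop is encrypted or DNSSEC-validated, is configured in the service's own state and is not visible in this commit. I would add a comment such as `# local Technitium (adblocking.nix); no fallback, DNS on this host fails if it is down`, and consider `"127.0.0.1"` instead, assuming the server listens on loopback, so resolution does not depend on the LAN link. The enclosing network block starts and ends outside the hunk.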